[opam-devel] current opam-repository policy : who can modify a package description

[Jeremy Yallop]

Dear Fabrice,

On 22 February 2016 at 10:09, Fabrice Le Fessant
<fabrice.le_fessant at ocamlpro.com> wrote:
> As discussed on here:
> https://github.com/ocaml/opam-repository/pull/5338
> the current opam-repository policy is loose, in the sense that anybody can
> modify anybody else's package description. I think the reason for that, in
> the past, has been that it allowed the repository maintainers to improve the
> global quality of the repository.
>
> I think it's time to discuss if we should keep this policy, or if we should
> be a little more strict about that.

Is it fair to say that your concerns are primarily about notification
rather than permission?  The problem isn't that people are modifying
other people's packages, but that the original maintainers aren't
always notified.

One thing I try to do when submitting pull requests that modify
others' packages is to mention the GitHub username of the maintainer
in the PR description so that they receive a notification.  If the
change is likely to be at all controversial then I wait for the
maintainer to comment before merging.

This approach could be mostly automated, with a bot that retrieves the
username of the original committer of each file from the GitHub API.
However, I wonder if it'd be sufficient to add a note to the PR check
procedure (https://github.com/ocaml/opam-repository/wiki/PR-checks)
suggesting that opam-repository maintainers notify package maintainers
when submitting changes.